This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Debian host is missing a security-related update.
Jan Juergens discovered a buffer overflow in the parser for SMS
messages in Asterisk.
An additional change was backported, which is fully described in
With the fix for AST-2013-007, a new configuration option was added in
order to allow the system administrator to disable the expansion
of'dangerous' functions (such as SHELL()) from any interface which is
not the dialplan. In stable and oldstable this option is disabled by
default. To enable it add the following line to the section
'[options]' in /etc/asterisk/asterisk.conf (and restart asterisk)
live_dangerously = no
See also :
Upgrade the asterisk packages.
For the oldstable distribution (squeeze), this problem has been fixed
in version 1:22.214.171.124-2+squeeze12.
For the stable distribution (wheezy), this problem has been fixed in
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: Debian Local Security Checks
Nessus Plugin ID: 71848 ()
Bugtraq ID: 64364
CVE ID: CVE-2013-7100
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.